Cloud OPNsense FW

Started by spetrillo, December 07, 2023, 09:40:32 PM

Hello all,

I am moving a client from a dedicated environment into a multi-tenant cloud environment. My question is around deployment of OPNsense virtual firewalls. Do folks deploy a single firewall VM or two firewall VMs in a clustered approach? My thought on a single firewall VM is to build it completely and then make an image, so if the running firewall dies I can deploy a replacement quickly. Wondering if someone had to solve for this.

Thanks,
Steve

CARP usually doesn't work in cloud environments

Quote from: mimugmail on December 07, 2023, 10:41:50 PM
CARP usually doesn't work in cloud environments

I thought as much, so that means my options are very limited. I basically would build the VM, create an image from the build, and keep the image in my catalog to deploy quickly.

What cloud provider?
Most of them support IPsec VPNs. You really don't need a virtual device in the cloud unless you need something like Meraki that is a proprietary connection.

Quote from: cliffwilliams44 on December 08, 2023, 05:23:26 PM
What cloud provider?
Most of them support IPsec VPNs. You really don't need a virtual device in the cloud unless you need something like Meraki that is a proprietary connection.

It's a VMware multi-tenant cloud provider. They could provide firewalls as a service but I prefer spinning up a VM and running OPNsense on it. OPNsense provides additional functionality that I would have to pay extra for.

Quote from: mimugmail on December 07, 2023, 10:41:50 PM
CARP usually doesn't work in cloud environments
It works as expected across a vSwitch at Hetzner.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on December 08, 2023, 06:40:53 PM
Quote from: mimugmail on December 07, 2023, 10:41:50 PM
CARP usually doesn't work in cloud environments
It works as expected across a vSwitch at Hetzner.

My plan is for a 2-node OPNsense cluster in production and a 1-node firewall in DR.